Details about package oidc-agent
| Name: | oidc-agent |
|---|---|
| Uploader: | Marcus Hardt <packages@lists.kit.edu> (Debian QA page) |
| Description: | oidc-agent - Commandline tool for obtaining OpenID Connect Access tokens on the commandline liboidc-agent4 - oidc-agent library liboidc-agent-dev - oidc-agent library development files oidc-agent-prompt - oidc-agent prompt utility |
Package uploads
Upload #8
Information
| Version: | 4.0.0 |
|---|---|
| Uploaded: | 2020-07-29 14:25 |
| Source package: | oidc-agent_4.0.0.dsc |
| Distribution: | UNRELEASED |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
| Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
| Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium
.
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
.
[ Gabriel Zachmann ]
* Fix --pw-cmd not correctly working when output does not end with newline
character
* Fix duplicated output of oidc-agent when redirecting
* Fix oidc-agent dies when client disconnects before agent can write back.
.
[ Gabriel Zachmann ]
* Updated the issuer urls of HDF.
* Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used.
.
[ Gabriel Zachmann ]
* Add possibility for force a new AT through oidc-token.
* Add status command to oidc-agent to get information about the currently
running agent.
* Allow users to rename accounts.
* Write temporary data to oidc-agent instead of tmp file.
* Fix seg fault in oidc-gen issuer selection when selecting 0
* Delete oidc client when deleting agent configuration.
* Improved bash completion of oidc-gen short options.
* Add --pw-file option to read decryption password from file
* Improve password prompt on autoload.
* On default cnid (oidc-gen) is set to the hostname; so the hostname is
included in the client name.
* oidc-gen is now completely non-interactive
* Added several new options for passing information to oidc-gen
* User can now choose between cli and gui prompts.
* Fix bug where oidc-gen would use a public client instead of aborting when
generating a account configuration with a shortname that is already
loaded.
* When the 'max' keyword is used for scopes and a public client is used,
this now uses the maximum scopes for that public client, not the issuer.
* Fixes a possible conflict between the application type 'web' and custom
scheme redirect uris.
* Update cJSON library.
QA information
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
Package has lintian warningsoidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
W
desktop-command-not-in-package
-
–
"Maintainer" email is the same as the uploader
-
–
Package is native
format: 3.0 (native) -
–
Watch file is not present
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Package uploaded for the UNRELEASED distribution
Comments
No comments
Upload #7
Information
| Version: | 4.0.0 |
|---|---|
| Uploaded: | 2020-07-29 13:55 |
| Source package: | oidc-agent_4.0.0.dsc |
| Distribution: | UNRELEASED |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
| Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
| Vcs-Browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium
.
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
.
[ Gabriel Zachmann ]
* Fix --pw-cmd not correctly working when output does not end with newline
character
* Fix duplicated output of oidc-agent when redirecting
* Fix oidc-agent dies when client disconnects before agent can write back.
.
[ Gabriel Zachmann ]
* Updated the issuer urls of HDF.
* Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used.
.
[ Gabriel Zachmann ]
* Add possibility for force a new AT through oidc-token.
* Add status command to oidc-agent to get information about the currently
running agent.
* Allow users to rename accounts.
* Write temporary data to oidc-agent instead of tmp file.
* Fix seg fault in oidc-gen issuer selection when selecting 0
* Delete oidc client when deleting agent configuration.
* Improved bash completion of oidc-gen short options.
* Add --pw-file option to read decryption password from file
* Improve password prompt on autoload.
* On default cnid (oidc-gen) is set to the hostname; so the hostname is
included in the client name.
* oidc-gen is now completely non-interactive
* Added several new options for passing information to oidc-gen
* User can now choose between cli and gui prompts.
* Fix bug where oidc-gen would use a public client instead of aborting when
generating a account configuration with a shortname that is already
loaded.
* When the 'max' keyword is used for scopes and a public client is used,
this now uses the maximum scopes for that public client, not the issuer.
* Fixes a possible conflict between the application type 'web' and custom
scheme redirect uris.
* Update cJSON library.
QA information
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
Package has lintian warningsliboidc-agent4oidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
W
desktop-command-not-in-package
-
–
"Maintainer" email is the same as the uploader
-
–
Package is native
format: 3.0 (native) -
–
Watch file is not present
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Package uploaded for the UNRELEASED distribution
Comments
No comments
Upload #6
Information
| Version: | 4.0.0 |
|---|---|
| Uploaded: | 2020-07-29 12:40 |
| Source package: | oidc-agent_4.0.0.dsc |
| Distribution: | UNRELEASED |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
| Vcs-Git: | https://github.com/indigo-dc/oidc-agent.git |
| Vcs-browser: | https://github.com/indigo-dc/oidc-agent |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium
.
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
.
[ Gabriel Zachmann ]
* Fix --pw-cmd not correctly working when output does not end with newline
character
* Fix duplicated output of oidc-agent when redirecting
* Fix oidc-agent dies when client disconnects before agent can write back.
.
[ Gabriel Zachmann ]
* Updated the issuer urls of HDF.
* Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used.
.
[ Gabriel Zachmann ]
* Add possibility for force a new AT through oidc-token.
* Add status command to oidc-agent to get information about the currently
running agent.
* Allow users to rename accounts.
* Write temporary data to oidc-agent instead of tmp file.
* Fix seg fault in oidc-gen issuer selection when selecting 0
* Delete oidc client when deleting agent configuration.
* Improved bash completion of oidc-gen short options.
* Add --pw-file option to read decryption password from file
* Improve password prompt on autoload.
* On default cnid (oidc-gen) is set to the hostname; so the hostname is
included in the client name.
* oidc-gen is now completely non-interactive
* Added several new options for passing information to oidc-gen
* User can now choose between cli and gui prompts.
* Fix bug where oidc-gen would use a public client instead of aborting when
generating a account configuration with a shortname that is already
loaded.
* When the 'max' keyword is used for scopes and a public client is used,
this now uses the maximum scopes for that public client, not the issuer.
* Fixes a possible conflict between the application type 'web' and custom
scheme redirect uris.
* Update cJSON library.
QA information
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
Package has lintian warningsliboidc-agent4
-
X
exit-in-shared-library
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source-
W
package-uses-deprecated-debhelper-compat-version
- 9
-
I
unreleased-changelog-distribution
-
P
cute-field
- debian/control@source Vcs-browser vs Vcs-Browser
-
X
exit-in-shared-library
-
–
"Maintainer" email is the same as the uploader
-
–
Package is native
format: 3.0 (native) -
–
Watch file is not present
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Package uploaded for the UNRELEASED distribution
Comments
No comments
Upload #5
Information
| Version: | 4.0.0 |
|---|---|
| Uploaded: | 2020-07-28 15:10 |
| Source package: | oidc-agent_4.0.0.dsc |
| Distribution: | UNRELEASED |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Changelog
oidc-agent (4.0.0) UNRELEASED; urgency=medium
.
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
.
[ Gabriel Zachmann ]
* Fix --pw-cmd not correctly working when output does not end with newline
character
* Fix duplicated output of oidc-agent when redirecting
* Fix oidc-agent dies when client disconnects before agent can write back.
.
[ Gabriel Zachmann ]
* Updated the issuer urls of HDF.
* Fix bash completion of shortnames if $OIDC_CONFIG_DIR is used.
.
[ Gabriel Zachmann ]
* Add possibility for force a new AT through oidc-token.
* Add status command to oidc-agent to get information about the currently
running agent.
* Allow users to rename accounts.
* Write temporary data to oidc-agent instead of tmp file.
* Fix seg fault in oidc-gen issuer selection when selecting 0
* Delete oidc client when deleting agent configuration.
* Improved bash completion of oidc-gen short options.
* Add --pw-file option to read decryption password from file
* Improve password prompt on autoload.
* On default cnid (oidc-gen) is set to the hostname; so the hostname is
included in the client name.
* oidc-gen is now completely non-interactive
* Added several new options for passing information to oidc-gen
* User can now choose between cli and gui prompts.
* Fix bug where oidc-gen would use a public client instead of aborting when
generating a account configuration with a shortname that is already
loaded.
* When the 'max' keyword is used for scopes and a public client is used,
this now uses the maximum scopes for that public client, not the issuer.
* Fixes a possible conflict between the application type 'web' and custom
scheme redirect uris.
* Update cJSON library.
QA information
-
–
d/copyright is in DEP5 format
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
No VCS field present
-
–
Package has lintian warningsliboidc-agent4
-
X
exit-in-shared-library
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.4.0.0
oidc-agent-
W
bash-completion-with-hashbang
- usr/share/bash-completion/completions/oidc-agent
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source-
W
package-uses-deprecated-debhelper-compat-version
- 9
-
I
binary-control-field-duplicates-source
- field "Section" in package oidc-agent-prompt
-
I
unreleased-changelog-distribution
-
P
trailing-whitespace
- debian/control (line 66)
oidc-agent-prompt -
X
exit-in-shared-library
-
–
"Maintainer" email is the same as the uploader
-
–
Package is native
format: 3.0 (native) -
–
Watch file is not present
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Package uploaded for the UNRELEASED distribution
Comments
No comments
Upload #4
Information
| Version: | 3.3.2 |
|---|---|
| Uploaded: | 2020-03-24 10:47 |
| Source package: | oidc-agent_3.3.2.dsc |
| Distribution: | unreleased |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Changelog
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
QA information
-
–
RFS: license, author and changelog parsed
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Homepage control field present
-
–
Watch file is not present
uscan_output: None -
–
"Maintainer" email is the same as the uploader
-
–
Package is native
-
–
Package has lintian warningsliboidc-agent3
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
-
X
shlib-calls-exit
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
oidc-agent-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
I
no-symbols-control-file
-
–
Package uploaded for the UNRELEASED distribution
Comments
No comments
Upload #3
Information
| Version: | 3.3.2 |
|---|---|
| Uploaded: | 2020-03-24 10:07 |
| Source package: | oidc-agent_3.3.2.dsc |
| Distribution: | unreleased |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Changelog
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
QA information
-
–
RFS: license, author and changelog parsed
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Watch file is not present
uscan_output: None -
–
"Maintainer" email is the same as the uploader
-
–
Package is native
-
–
Package has lintian warningsliboidc-agent3
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
-
I
hardening-no-fortify-functions
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
-
X
shlib-calls-exit
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
oidc-agent-
I
hardening-no-fortify-functions
- usr/bin/oidc-add
- usr/bin/oidc-agent
- usr/bin/oidc-gen
- usr/bin/oidc-token
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source -
I
no-symbols-control-file
-
–
Package uploaded for the UNRELEASED distribution
-
–
Package is not in Debian
-
–
Package uses debhelper-compatDebhelper compatibility level 9
-
–
Homepage control field present
Comments
No comments
Upload #2
Information
| Version: | 3.3.2 |
|---|---|
| Uploaded: | 2020-03-13 11:39 |
| Source package: | oidc-agent_3.3.2.dsc |
| Distribution: | unreleased |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Changelog
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
.
[ Gabriel Zachmann ]
* Add aai-demo.egi.eu
* Add public client for aai-demo.egi.eu
QA information
-
–
Watch file is not present
uscan_output: None -
–
"Maintainer" email is the same as the uploader
-
–
Package is native
-
–
Package has lintian errorsliboidc-agent3
-
I
hardening-no-bindnow
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
-
I
hardening-no-fortify-functions
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
-
X
shlib-calls-exit
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.2
oidc-agent-
I
hardening-no-bindnow
- usr/bin/oidc-add
- usr/bin/oidc-agent
- usr/bin/oidc-gen
- usr/bin/oidc-token
-
I
hardening-no-fortify-functions
- usr/bin/oidc-add
- usr/bin/oidc-agent
- usr/bin/oidc-gen
- usr/bin/oidc-token
-
I
spelling-error-in-binary
- usr/bin/oidc-agent acces access
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source-
I
testsuite-autopkgtest-missing
-
I
unreleased-changelog-distribution
-
P
insecure-copyright-format-uri
- http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-
P
package-uses-old-debhelper-compat-version
- 9
-
P
source-contains-prebuilt-binary
- lib/api/liboidc-agent.so.3.3.1
-
P
rules-requires-root-missing
-
E
source-is-missing
- lib/api/liboidc-agent.so.3.3.1
-
W
source-nmu-has-incorrect-version-number
- 3.3.2
-
W
changelog-should-mention-nmu
-
I
hardening-no-bindnow
-
–
Package uploaded for the UNRELEASED distribution
-
–
RFS: license, author and changelog parsed
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
Package uses debhelperDebhelper compatibility level 9
-
–
Homepage control field present
Comments
No comments
Upload #1
Information
| Version: | 3.3.1 |
|---|---|
| Uploaded: | 2020-03-02 17:38 |
| Source package: | oidc-agent_3.3.1.dsc |
| Distribution: | unreleased |
| Section: | misc |
| Priority: | optional |
| Homepage: | https://github.com/indigo-dc/oidc-agent/ |
Changelog
[ Marcus hardt ]
* Trying to fix debuild messages
* Updated dependency versions
.
[ Gabriel Zachmann ]
* Fixes dependencies versions
* adds man pages
.
[ Gabriel Zachmann ]
* Support for Authorization Code Flow
* Support for Device Flow
* Support for user defined scopes
* Couple of minor improvements
* Couple of bugfixes
.
[ Gabriel Zachmann ]
* Support for providing the device authorization endpoint manually
.
[ Gabriel Zachmann ]
* Removed https://perun.elixir-czech.cz/oidc/ from issuer.config.
.
[ Marcus Hardt ]
* Add IAM of DEEP to issuer.conf
* Also accept libcurl4 as a dependency
.
[ Gabriel Zachmann ]
* Adds documentation notes on expiring refresh tokens
.
[ Gabriel Zachmann ]
* Adds possibility to build the C-API as static library
* oidc-token now uses this library
.
[ Gabriel Zachmann ]
* fixed segmentation fault for an unchecked file existence
.
[ Gabriel Zachmann ]
* Fixes static library
* Includes Refactoring
* Hides client secret
* Adds optional client name identifier when using dynamic registration
* Optionally prints the device code url QR-code directly to the terminal
* Validation for redirect url format
* Fixes some typos
* Backward-compatible API-change: ipc access token requests now also contain
the associated issuer; also the C-API includes it
.
[ Gabriel Zachmann ]
* Replaces JSON Parser Library
* On default only one configuration file for client and account config is
generated.
* json and list dependencies are now included as source files not as a static
library
* oidc-agent can now be started with a default lifetime for account
configurations
* a lifetime can be specified when using oidc-add
* Better no_color support.
* Memory encryption: Encrypting refresh_token and client credentials when
not used.
* oidc-agent can now be locked. This includes additional encryption for access
tokens, refresh tokens and client credentials.
* Supporting seccomp (can be turned off) to restrict system calls
* Automatic call of authorization url can be turned off
* Adds support for bash-completion
* Changes to command line arguments: no longer using space delimited strings
* Removed the feature to list the currently loaded account configurations
* Token Request can now include an application hint
* Token Request Response now includes expires_at
* Unloading accounts does not require a password anymore
* Added option to unload all loaded accounts.
* Improvements to the memory management
* Fixed a bug where automatic account generation failed after successful
dynamic client registration.
* Improved UX: checking if oidc-add can connect to agent before prompting
for encryption password
.
[ Gabriel Zachmann ]
* Fixes a bug related to merging json objects
* Improves UI: oidc-gen now does not prompt for refresh token. Use the --rt
option insted.
* Improves UI: oidc-gen only prompts for credentials if using the password
flow
* Improved flow internal handling of dynamic client registration
* Fixes a missing seccomp syscall
.
[ Gabriel Zachmann ]
* Fixed a bug that disabled seccomp for oidc-add and oidc-token
* Internal Improvements to bash-completion
* Fixed a bug where dyn client reg would fail if the preselected scope was
modified.
.
[ Gabriel Zachmann ]
* Fixed a bug that autoremoved also accounts with infinite lifetime when an
account with limited lifetime expired
* Added missing seccomp syscalls
* Fixed a bug that broke bash completion
* Fixed possible segmentation faults
* Disabled seccomp on default
* Disables Tracing: Cannot attach using ptrace
.
[ Gabriel Zachmann ]
* Now using base64 encoding instead of hex encoding for all new encryptions
* Updated the config file format used for all new encryptions; this includes
the version it was generated with
* Added possibility to update a config file to the newest file format /
encryption
* Improved the en/decryption, so that all parameters needed are now saved
(linked to the file format)
* Fixed seg faults
* Allows usage of cjson package instead of included source files
* Fixed double response from oidc-agent for check request if agent locked
* Changes to the libsodium depencency: required newer version, now included
as static library
* Now providing a shared library and not only a static library
* The shared library is provided in the liboidc-agent2 package, the needed
development files in the liboidc-agent-dev package
* Fixed invalid read in stringToJSON
* Fixed possible double frees when the already set value is passed to a
setter
* Fixed missing authentication for device code access token requests
* Now allowing using OIDPs that support the device flow, but don't advertise
it by using the oidc-gen --dae option
* Improved UX: checking if oidc-gen can connect to agent before prompting
the user for any information
* Support for IPC encryption: oidc-add and oidc-gen now only communicate in
an encrypted way with oidc-agent
* Fixed a bug where the grant_type parameter was falsly included in the auth
code url
* Improved the account listing output
.
[ Gabriel Zachmann ]
* Fixed a bug causing problems with the device flow
* Fixed memory leaks
.
[ Gabriel Zachmann ]
* Fixed a bug due to which errors during token revocation were ignored
* Fixed a bug displaying a (wrong) error message when token revocation
succeeded and the server answered with an empty response when using
encrypted ipc communication
* Fixed a bug where the browser would not redirect to the webserver when the
chosen port was to high
* Fixed a sementation fault if the config tmp file did not contain the
account shortname
* Fixed broken bash-completion when oidcdir did not yet exist
.
[ Gabriel Zachmann ]
* Fixed build error if bin dir not existed
* Fixed a problem with unity OP where access token did not have any scope
* Fixed strange additional parameters in the auth code exchange request
* Fixed superfluous error logs when checking if a string is a json object
* Changed encoding for memory encryption from hex to base64
.
[ Gabriel Zachmann ]
* Fixed a bug due to which oidc-agent would return a wrong already loaded
account config when generating a new account config
* Improved error handling when no authorization flow possible
* Fixed a seg fault when dynamic client registration failed
* Fixed a seg fault in memory decryption if account config does not have a
client secret (public client)
* Added support for PKCE
* Added support for public clients
* Fixed a bug where it was possible to display issuer urls that only differ
in the trayling slash twice when using oidc-gen
* Enforce usage of openid and offline_access scope in all cases
.
[ Gabriel Zachmann ]
* Improve error message when necessary scopes cannot be registered during
dynamic client registration
* If necessary scopes cannot be registered during dynamic client
registration, a public client is tried
* Fixed memory leaks
* Allow updating of public clients by using the -m and --pub option
.
[ Gabriel Zachmann ]
* Added public client for aai.egi.eu
.
[ Gabriel Zachmann ]
* Added environment variable to manually specify the oidc-agent config
directory location
* Added option to manually specify the used redirect port during dynamic
client registration
.
[ Gabriel Zachmann ]
* Fixed file locations when using a custom oidcdir (through env var) and the
path value did not have a trailing slash
* Fixed a possible seg fault
.
[ Gabriel Zachmann ]
* Fixed a bug that made it impossible to use the device flow
.
[ Gabriel Zachmann ]
* Removed an unnecessary client_id from post data, that caused problems with
iam when using the device flow.
.
[ Gabriel Zachmann ]
* Changed the fundamental architecture by introducing a new proxy daemon
* Now an account config can be updated by oidc-agent, i.e. when a provider
issues a new refresh token
* oidc-agent can manage the encryption password: store encrypted in memory,
use keyring, use user provided command, or prompt the user
* Added autoload possibility. If an application requests an access token for a
not loaded config, it is automatically loaded, if the user allows it.
* Added possibility that each usage of an account configuration has to be
confirmed by the user. Can be turned on by using oidc-add -c or oidc-agent
-c
* Changed the oidc-agent console module flag from -c to -d
* Changed the default port for redirect urls when using dynamic client
registration from 2912 to 4242
* Added encryption for the communciation between agent and its httpserver
* Added possibility to complete account generation with the url a user is
redirected to
* Fixed possible seg faults
.
[ Gabriel Zachmann ]
* Added support for custom uri scheme redirect uris
* Added support for doing the auth code flow without a webserver
* Added public clients for HBP, Elixir
* Added support for XSession integration
* Various bug fixes and other improvements
* Allow -u to encrypt unencrypted files, not only reencrypting already
encrypted files
* When using oidc-gen --delete the account config now does not have to be
loaded. The refresh token can also be revoked if not loaded.
* Added --reauthenticate option to oidc-gen to easily update the refresh
token without changing any other metadata
* En-/Decryption password prompts can be done noninteractive using the
--pw-cmd option
* Improved documentation
* Fixed some memory leaks
* Fixed a seg fault when locking an agent that has a public client loaded
* Fixed other possible seg faults
* Improved usability of oidc-gen and other enhancements
.
[ Gabriel Zachmann ]
* Fixed the course of a bug that would not utilize the cached AT when an
application requests an AT with an empty scope value. This fix might have
also fixed other unknown bugs.
* Improved the user prompt message for autoload when the application does
not send an application_hint
* Improved error handling when refresh token wrong
* Fix a bug related to the confirm feature: after a request is declined it
was impossible to get an access token for this configuration without
reloading the configuration.
.
[ Gabriel Zachmann ]
* Changed the type of the UNIX domain socket used for communciating with
oidc-agent from SOCK_SEQPACKET to SOCK_STREAM
* This allows forwarding of the oidc-agent through ssh
* Added getAccessToken2 to liboidc-agent
* Access tokens can now be requested by issuer url; the suer can set an
default account config for each issuer
* Added the correlating functions to liboidc-agent
* oidc-token can now also be used with issuer urls
.
[ Gabriel Zachmann]
* Added the elixir public client to the list of public clients
.
[ Gabriel Zachmann ]
* Fixed a segfault if the pubclients.conf file does not exist
* Fixed segfault if the issuer.config in the oidc-agent directory doesn't
exist and an AT is requested by issuer.
* Fixed behavior of oidc-gen -p when the passed file does not exist.
.
[ Gabriel Zachmann ]
* Support on MacOS
.
[ Gabriel Zachmann ]
* Fixed a bug that did not save the information from dynamic client
registration (did not save merged data).
* Updated the cJSON library
.
[ Gabriel Zachmann ]
* Fixed a bug due to which no error message was displayed when trying to
load an account configuration and the oidc-agent directory was not
accessible for oidc-add.
* This bug also caused the agent to crash if oidc-token was used to load
this account configuration on the fly and the oidc-agent directory was
not accessible for oidc-agent.
.
[ Gabriel Zachmann ]
* Add possibility to allow applications that run under another user access
to the agent by using the --with-group option
.
[ Marcus Hardt ]
* Add debhelper-token
* Remove build-essential from Build-Depends
* Improve clean target to fix "source-is-missing" lintian warnings
.
[ Gabriel Zachmann ]
* Add possibility to avoid custom uri scheme (useful when running on a
remote server)
* Fixed bug with doubled communication when not all required scopes could be
registered
* Now displaying warning message when client regstration could not register
all requested scopes.
.
[ Gabriel Zachmann ]
* Add public clients for deep and extreme datacloud
.
[ Gabriel Zachmann ]
* Add public clients for iam-demo.cloud.cnaf.infn.it
.
[ Gabriel Zachmann ]
* Fixed bug that might cause problems with providers that do not support
PKCE. No longer sending code_verifier on auth code exchange requests.
.
[ Gabriel Zachmann ]
* Fixed some spelling errors.
* Fix X11 settings only adjusted when the configuration file already exists.
* Increased oidc-gen polling interval and duration.
* oidc-gen now displays the scopes supported by the provider.
* Scopes provided to oidc-gen are no longer intersected with the supported
scopes.
.
[ Gabriel Zachmann ]
* Improve RPM build
.
[ Gabriel Zachmann ]
* Fix scope lookup not using cert path.
* Exit oidc-gen when error during scope lookup.
* Add option to oidc-token to specify name of calling application.
* Add option to oidc-add to list currently loaded accounts.
* Fix no-scheme option not working if first url is scheme url.
* Add option to oidc-agent that allows log message printed to stderr.
* Fix that some information is printed to stderr instead of stdout.
* Fix scopes not set when using password flow.
* Add support to request tokens with specific audience.
* Add wlcg.cloud.cnaf.infn.it
* Add public client for wlcg.cloud.cnaf.infn.it
* Update cJSON library.
* Add --id-token option to oidc-token to request an id-token from the
agent.
* Fix some minor bugs.
* Add oidc-keychain to reuse oidc-agent across logins
.
[ Gabriel Zachmann ]
* Remove dot files from oidc-add and oidc-gen -l
* Add a header line for oidc-add -a
QA information
-
–
Watch file is not present
uscan_output: None -
–
The uploader is not in the package's "Maintainer" or "Uploaders" fields
- User email
- packages@lists.kit.edu
- "Maintainer" email
- hardt@kit.edu
-
–
Package is native
-
–
Package has lintian warningsliboidc-agent3
-
I
hardening-no-bindnow
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.1
-
I
no-symbols-control-file
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.1
-
I
hardening-no-fortify-functions
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.1
-
I
spelling-error-in-binary
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.1 occured occurred
-
X
shlib-calls-exit
- usr/lib/x86_64-linux-gnu/liboidc-agent.so.3.3.1
oidc-agent-
I
spelling-error-in-manpage
- usr/share/man/man1/oidc-token.1.gz developement development
-
I
desktop-entry-lacks-keywords-entry
- usr/share/applications/oidc-gen.desktop
-
I
hardening-no-fortify-functions
- usr/bin/oidc-add
- usr/bin/oidc-agent
- usr/bin/oidc-gen
- usr/bin/oidc-token
-
I
hardening-no-bindnow
- usr/bin/oidc-add
- usr/bin/oidc-agent
- usr/bin/oidc-gen
- usr/bin/oidc-token
-
I
spelling-error-in-binary
- usr/bin/oidc-add occured occurred
- usr/bin/oidc-agent acces access
- usr/bin/oidc-agent occured occurred
- usr/bin/oidc-gen occured occurred
- usr/bin/oidc-token developement development
-
W
desktop-command-not-in-package
- usr/share/applications/oidc-gen.desktop x-terminal-emulator
oidc-agent source-
I
out-of-date-standards-version
- 4.1.5 (released 2018-07-04) (current is 4.5.0)
-
I
testsuite-autopkgtest-missing
-
I
unreleased-changelog-distribution
-
P
package-uses-old-debhelper-compat-version
- 9
-
P
insecure-copyright-format-uri
- http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-
P
file-contains-trailing-whitespace
- debian/control (line 47)
- debian/control (line 61)
- debian/control (line 62)
- debian/rules (line 7)
- debian/rules (line 8)
-
P
rules-requires-root-missing
-
I
hardening-no-bindnow
-
–
Package uploaded for the UNRELEASED distribution
-
–
RFS: license, author and changelog parsed
author: Gabriel Zachmann <gabriel.zachmann@kit.edu> licenses: MIT-License -
–
Package is not in Debian
-
–
Package uses debhelperDebhelper compatibility level 9
-
–
Homepage control field present
Comments
No comments